[ MDVSA-2015:090 ] libpng

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:090
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libpng
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libpng package fixes security vulnerabilities:
 
 The png_push_read_chunk function in pngpread.c in the progressive
 decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause
 a denial of service (infinite loop and CPU consumption) via an IDAT
 chunk with a length of zero (CVE-2014-0333).
 
 libpng versions 1.6.9 through 1.6.15 have an integer-overflow
 vulnerability in png_combine_row() when decoding very wide interlaced
 images, which can allow an attacker to overwrite an arbitrary amount
 of memory with arb

007 Software

[ MDVSA-2015:090 ] libpng

Leave a Reply Cancel reply

Software and Security Information